<?php
include_once './inc/config_inc.php';
include_once './inc/mysql_inc.php';
include_once './inc/tool_inc.php';
// Open the database link and resolve both session kinds; every later query on this page reuses $link.
$link = connect();
$is_manage_login = is_manage_login($link);
$user_id = is_login($link);
// Neither a front-end user nor a back-office administrator is signed in: send the visitor to the login page.
if (!($user_id || $is_manage_login)) {
	skip('login.php', 'error', '您没有登录!');
	exit();
}

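// Accept only a plain decimal id. is_numeric() also lets through forms such as
// "1e3", "1.5" or " 1", and the value ends up inside SQL text below, so the
// request value is matched against digits only and cast to int before use.
if(!isset($_GET['id']) || !is_string($_GET['id']) || preg_match('/\A[0-9]+\z/', $_GET['id'])!==1){
	skip('index.php', 'error', '留言id参数不合法!');exit();
}
$content_id=(int)$_GET['id'];

$query="select * from content where id={$content_id}";
$result=execute($link, $query);
if(mysqli_num_rows($result)!=1){
	skip('index.php', 'error', '留言不存在!');exit();
}
$data=mysqli_fetch_assoc($result);
// HTML-encode the stored text: it is echoed into the <textarea> further down this page.
$data['content']=htmlspecialchars($data['content']);

// Ownership check: only the author of the row or a logged-in administrator may edit it.
// check_user() is defined in an included file; its exact rule is not visible here.
if(!check_user($user_id,$data['user_id'],$is_manage_login)){
	skip('index.php', 'error', '这个留言不属于你，你没有权限!');exit();
}

// NOTE(review): the only request check visible on this page is isset($_POST['submit']);
// no anti-CSRF token is verified here. Confirm whether one is enforced elsewhere.
if(isset($_POST['submit'])){
	// return_url comes straight from the query string and is handed to skip(), so it is
	// limited to same-site relative targets. Anything with a scheme, host or userinfo,
	// a leading "//", or characters that do not belong in a URL falls back to show.php.
	// skip() is defined outside this page and whether it HTML-encodes the URL cannot be
	// seen from here, so quotes and angle brackets are refused as well.
	$return_url='show.php';
	if(isset($_GET['return_url']) && is_string($_GET['return_url']) && $_GET['return_url']!==''){
		$candidate=$_GET['return_url'];
		$has_unsafe_chars=preg_match('/[\x00-\x20\x7f\\\\"\'<>]/', $candidate)===1;
		$parts=$has_unsafe_chars ? false : parse_url($candidate);
		if(is_array($parts)
			&& !isset($parts['scheme'])
			&& !isset($parts['host'])
			&& !isset($parts['user'])
			&& strncmp($candidate, '//', 2)!==0){
			$return_url=$candidate;
		}
	}

	// Server-side counterpart of the browser check: the JavaScript guard on the form
	// can be bypassed, and a missing or array-valued field must not reach the query.
	if(!isset($_POST['content']) || !is_string($_POST['content']) || trim($_POST['content'])===''){
		skip($return_url, 'error', '留言内容不能为空!');exit();
	}

	// escape() is a project helper from an included file; presumably it applies
	// mysqli_real_escape_string to each value (confirm). A prepared statement would
	// remove the reliance on quoting altogether.
	$escaped_post=escape($link,$_POST);
	$query="update content set content='{$escaped_post['content']}' where id={$content_id}";
	execute($link, $query);

	// NOTE(review): MySQL normally reports 0 affected rows when the submitted text equals
	// the stored text, so an unchanged resubmit lands in the failure branch.
	if(mysqli_affected_rows($link)==1){
		skip($return_url, 'ok', '修改成功！');exit();
	}else{
		skip($return_url, 'error', '修改失败，请重试！');exit();
	}
}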


// Page metadata: the title string and the stylesheet list for this page.
// Presumably consumed by inc/header_inc.php, which is included right after — confirm.
$template['title']='编辑留言';
$template['css']=array();
$template['css'][]='style/public.css';
$template['css'][]='style/publish.css';
?>
<?php include 'inc/header_inc.php';?>

<!--留言-->
<div id="publish">
	<a href="index.php">首页</a> &gt; <span>发布留言</span>
	<form method="post" action=" " onsubmit="return check()">
		<textarea name="content" class="content" id="content"><?php echo $data['content']?></textarea>
		<input class="submit" type="submit" name="submit" id="submit" value="发表" style="margin-left: 20px;" />
		<div style="clear:both;"></div>
	</form>
</div>
<script type="text/javascript">
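	/**
	 * onsubmit guard for the edit form.
	 *
	 * Blocks submission when the textarea is empty or holds only whitespace and
	 * tells the user why. This is a usability check only: it runs in the browser
	 * and can be bypassed, so the server must validate the content as well.
	 *
	 * @returns {boolean} false to cancel the submit, true to let it proceed.
	 */
	function check(){
		var text=document.getElementById('content').value;

		// Whitespace-only input is treated the same as an empty message.
		if(text.trim()===""){
			alert("留言内容不能为空!");
			return false;
		}
		// Explicit true instead of the implicit undefined the handler used to return.
		return true;
	}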
</script>

<?php include 'inc/footer_inc.php'?>